diff --git a/samba-4.2-fix-gnutls-deprecation.patch b/samba-4.2-fix-gnutls-deprecation.patch new file mode 100644 index 0000000..16958fa --- /dev/null +++ b/samba-4.2-fix-gnutls-deprecation.patch @@ -0,0 +1,63 @@ +commit c6ad8a10c12c8a79dc83cab1591e5279edd62bd6 +Author: Evangelos Foutras +Date: Mon Apr 13 23:11:14 2015 +0300 + + s4:lib/tls: fix build with gnutls 3.4 + + gnutls_certificate_type_set_priority() was removed in GnuTLS 3.4.0. Use + gnutls_priority_set_direct instead. + + BUG: https://bugzilla.samba.org/show_bug.cgi?id=8780 + + Signed-off-by: Björn Jacke + Reviewed-By: Jelmer Vernooij + + Autobuild-User(master): Björn Jacke + Autobuild-Date(master): Wed Apr 29 22:29:02 CEST 2015 on sn-devel-104 + +diff --git a/source4/lib/tls/tls.c b/source4/lib/tls/tls.c +index b9182ad..2fe4ff7 100644 +--- a/source4/lib/tls/tls.c ++++ b/source4/lib/tls/tls.c +@@ -572,7 +572,6 @@ struct socket_context *tls_init_client(struct socket_context *socket_ctx, + { + struct tls_context *tls; + int ret = 0; +- const int cert_type_priority[] = { GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0 }; + struct socket_context *new_sock; + NTSTATUS nt_status; + +@@ -598,7 +597,7 @@ struct socket_context *tls_init_client(struct socket_context *socket_ctx, + gnutls_certificate_set_x509_trust_file(tls->xcred, ca_path, GNUTLS_X509_FMT_PEM); + TLSCHECK(gnutls_init(&tls->session, GNUTLS_CLIENT)); + TLSCHECK(gnutls_set_default_priority(tls->session)); +- gnutls_certificate_type_set_priority(tls->session, cert_type_priority); ++ gnutls_priority_set_direct(tls->session, "NORMAL:+CTYPE-OPENPGP", NULL); + TLSCHECK(gnutls_credentials_set(tls->session, GNUTLS_CRD_CERTIFICATE, tls->xcred)); + + talloc_set_destructor(tls, tls_destructor); +diff --git a/source4/lib/tls/tls_tstream.c b/source4/lib/tls/tls_tstream.c +index f19f5c5..5b2329b 100644 +--- a/source4/lib/tls/tls_tstream.c ++++ b/source4/lib/tls/tls_tstream.c +@@ -967,11 +967,6 @@ struct tevent_req *_tstream_tls_connect_send(TALLOC_CTX *mem_ctx, + #if ENABLE_GNUTLS + struct tstream_tls *tlss; + int ret; +- static const int cert_type_priority[] = { +- GNUTLS_CRT_X509, +- GNUTLS_CRT_OPENPGP, +- 0 +- }; + #endif /* ENABLE_GNUTLS */ + + req = tevent_req_create(mem_ctx, &state, +@@ -1014,7 +1009,7 @@ struct tevent_req *_tstream_tls_connect_send(TALLOC_CTX *mem_ctx, + return tevent_req_post(req, ev); + } + +- gnutls_certificate_type_set_priority(tlss->tls_session, cert_type_priority); ++ gnutls_priority_set_direct(tlss->tls_session, "NORMAL:+CTYPE-OPENPGP", NULL); + + ret = gnutls_credentials_set(tlss->tls_session, + GNUTLS_CRD_CERTIFICATE, diff --git a/samba.spec b/samba.spec index f21a0c0..50a4d0a 100644 --- a/samba.spec +++ b/samba.spec @@ -96,6 +96,7 @@ Patch0: samba-4.2.2-fix_debug_macro.patch Patch1: samba-4.2.2-lib-util-fix-detection-of-systemd-libraries.patch Patch2: samba-4.2-fix-rpc-helper.patch Patch3: samba-4.2-auth-credentials-if-credentials-have-principal-set-t.patch +Patch4: samba-4.2-fix-gnutls-deprecation.patch # Red Hat specific replacement-files Source1: samba.log @@ -648,6 +649,7 @@ and use CTDB instead. %patch1 -p1 -b .samba-4.2.2-lib-util-fix-detection-of-systemd-libraries.patch %patch2 -p1 -b .samba-4.2-fix-rpc-helper.patch %patch3 -p1 -b .samba-4.2-auth-credentials-if-credentials-have-principal-set-t.patch +%patch4 -p1 -b .samba-4.2-fix-gnutls-deprecation.patch %build %global _talloc_lib ,talloc,pytalloc,pytalloc-util @@ -1938,6 +1940,7 @@ rm -rf %{buildroot} %changelog * Mon May 11 2015 Alexander Bokovoy - 4.2.1-8 - Fixes: #1219832: Samba 4.2 broke FreeIPA trusts to AD +- Remove usage of deprecated API from gnutls * Thu Apr 30 2015 Alexander Bokovoy - 4.2.1-7 - Fix LSASD daemon